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METHOD AND APPARATUS FOR SECURE DATA TRANSMISSION SYSTEM 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

5 The present invention relates to data transmission systems and, more 

particularly, a method and apparatus for transmitting a secure document so 
that a recipient can review the document and provide a secure response 
without special apparatus at the receiving end. 

2. Description of the Related Art 

10 Most secure data systems of the prior art have required special 

equipment at both the transmission and reception ends in order to recover the 
secure information and provide a secure reply. Such systems usually include 
encryption and decryption devices at both ends of a message. 

Clearly, the sender must have apparatus for converting plain text into 

15 some encrypted or encoded format that is illegible to anyone lacking compati- 
ble apparatus at the receiving end. With so many different types and styles 
of encryption and encoding in an attempt to achieve secure communications, 
and in the absence of a single, standard system, the probability is low that 
the sender and receiver will have compatible encryption systems. 

20 The Internet (global computer network) is a fast growing medium for 

information exchange. Although much of this information is of dubious value, 
the usefulness of the Internet as a vehicle for electronic commerce means 
that there is an increasing need to provide security for data transmissions. 
Different types of data transmissions present different risks and 

25 obstacles and require suitable protection from tampering, corruption, theft, 
unauthorized access, etc. Many software and hardware products that provide 
such security for Internet data require that users at both ends of the 
transaction (i.e. sender and receiver) have the same software components or 
at least a highly compatible set. 

30 This requirement for having nearly identical software at both ends of a 

data exchange is highly limiting. Imagine an exchange that involves parties 
from five different organizations! This requirement can be (and has been) 
dealt with by products such as Norton Secret Stuff from Symantec, Zip and 
WinZip from PKWare, Universal Envelope from VIAexpress, and Envelope98 from 

35 the assignee of the present invention. Each product "wraps" the message to 

be transmitted in an "electronic envelope". This "envelope" contains all the 
computer code and logic necessary to protect the message during transmission 
and to extract it at the receiving end. 

Such an "envelope" can successfully protect data sent to a receiver. 
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However, in many cases the receiver may want (or be required) to reply and 
the reply must also be protected during transmission. Here again, a problem 
reoccurs. The receiver is required to install and use some type of crypto- 
graphic software or hardware to protect the reply. 

Most importantly, this problem must be solved in a way that is simple 
to use and doesn't require an excessive amount of preparation (i.e. creating 
and distributing certificates and public keys, maintaining a authentication 
chain and a public key ring) . Generally, in each case where it is necessary 
to transmit data securely and bidirectionally between two entities (either 
directly or through a private or public communication system) identical or 
highly compatible software and/or hardware must be installed at both ends. 
This presents difficulties whenever a party wishes to exchange information 
with more than one other party. Even then, it may be difficult to assure 
that both parties have equipment capable of communicating with each other. 

Many products and technologies exist that can solve the problem. These 
include technologies known as PGP ("pretty good privacy"), PEM, S/MIME and 
SSL. In each case the systems are not cross -compatible (i.e. a message 
encrypted using the PGP system cannot by decrypted using S/MIME and vice 
versa) . In addition, users of these systems are forced into a complicated 
series of operations to prepare for a data exchange (i.e. key generation, 
authenticity certification, etc.). Several systems require the participation 
of a trusted third party to authenticate the identity of the parties partici- 
pating in the data transfer. 

Although the existing systems are useful in certain situations, their 
acceptance has been slow and limited duetto the high costs (in the form of 
computer resources and user time) and limited cross-compatibility. 

For example, if two users from the same organization wish to communi- 
cate using PGP, they would exchange public keys using a central computer 
(authentication/key server) . Such a server would, in essence, guarantee to 
each user the identity of the other as well as providing to each the other's 
encryption keys. Because most organizations would select a single system to 
use for secure information exchange (i.e. PGP), the users could now exchange 
e-mail easily and securely. 

If however, the two users are from different organizations, there may 
be no central computer to use as a "certification authority". The users 
would then have to exchange keys in person or by mail . They could also rely 
on a trusted third party to provide this service. The two users would still 
have to establish a common standard with which to encrypt their data: PGP, 
PEM, S/MIME, etc. One or both might have to switch to this agreed upon 
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standard. 

It quickly becomes obvious that the overhead created during this 
process greatly complicates the needed exchanges. If the exchange is between 
more than two users belonging to more than two organizations, the level of 
complexity increases rapidly. A simpler solution is required. 

Two users, both with "electronic envelope" software, could exchange 
information without first agreeing on a standard system. However, each would 
have to install into their computer some form of electronic envelope system. 
Even the "electronic envelope" systems described above suffer from an 
inability to transmit data bidirectionally between parties except when all 
"transmitting" parties have installed the same cryptographic software onto 
their computers. 



SUMMARY OF THE INVENTION 

According to the present invention, there is provided to the user, the 
ability to send an "electronic envelope" across private and public communica- 
tion networks including the use of e-mail. The sent information is protected 
from unauthorized access, corruption, tampering and theft while in transit 
and the "electronic envelope" allows the receiving user to decrypt the 
message without having to install any cryptographic software or hardware. 

The invention includes a "secure reply" feature that allows the 
recipient of an encoded message to encrypt and return a message to the 
sender, again without having installed any cryptographic software. The 
present invention gives the receiver's reply the same level of protection and 
security that original encryption afforded the sender. 

The present invention is also easier to use, only requiring the two 
participants to exchange keys (known as "passphrases" ) by any of the avail- 
able modes of communication, such as a telephone conversation, postal mail, 
in person communication, or any other mode. Keys can be changed regularly, 
thereby enhancing security. 

Not all users in an information exchange are required to install the 
systems of the present invention. For example, in a system where a service 
vendor was sending invoices (via e-mail) to selected customers, those 
customers would not need to install any cryptographic software. The present 
invention would provide all the necessary functionality to allow the secure 
return of payment instructions to the vendor. The same system using S/MIME 
or any of the other, prior art systems, would require all users to exchange 
keys with the vendor and obtain compatible software. 

Imagine two people from different companies who need to communicate 
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securely, for example, Alice, who works for Widget Manufacturing Corporation 
(WMC), and Bob, an employee of WidgetBits, Inc., a supplier of components 
needed in the manufacture of widgets. Alice needs a proposal from Bob to 
supply WMC with widget components over the next 6 months. 
5 Since the market for widgets is such a competitive environment, both 

Alice and Bob are keenly aware of the potential damage to their respective 
businesses should their competitors gain access to the information contained 
either in Alice's request or Bob's reply. Accordingly, they could use the 
system of the present invention to conduct their business. 

10 Alice starts by creating a "request for proposal" (RFP) document using 

any word processor. She then uses the present invention to encrypt her 
document which "wraps" it in a self -decrypting "envelope". She also enables 
a feature to give Bob the ability to encrypt his reply. Lastly, she trans- 
mits this "envelope" to Bob using any means she chooses - e-mail, file 

15 transport, or copying the file to disk and mailing it, to name a few. 

To continue with the "envelope" analogy, when Bob receives the 
encrypted message, ("envelope") he opens it using the previously received 
"passphrase" . The document is then decrypted. Bob is assured that no one 
has seen the document while it was in transit and that is was not corrupted 

20 or modified in any way. 

Bob is now free to write his proposal. Again, using any word proces- 
sor, he creates a document to send to Alice as his reply, when the document 
is ready, he once again opens the original "envelope" and supplies the 
passphrase. The option to create a secure reply is offered. If selected, 

25 the proposal is encrypted using the same passphrase that allowed decryption 
of the original message. Bob is then free to transmit his proposal back to 
Alice as a secure reply file using any means at his disposal. 

Upon receiving the secure reply, Alice decrypts it using the original 
encrypt ion -decrypt ion program of the present invention together with the 

3 0 original passphrase. She can now read Bob's proposal and continue to conduct 
her business. 

Another example in which the present invention can be used is an 
implementation of a billing and payment processing system employed in an 
Electronic Commerce environment. A system of this type would use the ability 
35 to provide a secure reply for a more specialized purpose and so would 

implement a different user interface than in the preferred embodiments of the 
present invention. Nevertheless, the ability to provide a secure reply is 
unchanged . 

In a (very simplified) electronic billing and payment system, the two 
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parties correspond via an e-mail connection. Both parties would first agree 
to a pass word or phrase (which may also be a Personal Identification Number 
or "PIN") with which the data being transferred is crypt ©graphically secured. 
The vendor sends the customer an invoice or statement reflecting customer 
5 activity and an amount due. The customer responds with payment instructions 
and an authorization. 

For example, the vendor would prepare a statement. This statement 
would then be encrypted and enclosed in an "envelope" along with a special 
purpose program designed to gather the customer's payment instructions. This 

10 envelope is transmitted through e-mail to the customer. The customer opens 
the envelope using the pass word or phrase established by prior agreement 
with the vendor. Once the contents of the envelope are decrypted, the 
statement is presented to the customer. 

When the customer is ready to make a payment to the vendor, the 

15 envelope is again opened and the special purpose program automatically 

executes, presenting the customer with various payment options. When the 
customer has selected a payment method, a secure reply is generated (the 
payment selection program having automatically requested a secure reply from 
the original envelope) . 

20 The secure reply is then e-mailed back to the vendor. When the vendor 

receives the customer's secure reply, an automated process decrypts the 
reply, extracts the customer's payment instructions and submits them for 
further processing. A working implementation of this electronic billing and 
payment system exists in proprietary products of the assignee of the present 

25 invention. 

The purpose of providing a secure reply feature is to allow two 
computer users to communicate securely (i.e. using encrypted data files) in 
circumstances where only one of them has the cryptographic software needed. 
Whatever software is needed to both decrypt the sent message as well as 
30 encrypt the reply is transmitted with the original message. 

A secure reply may also be used in any circumstance where all that is 
needed is an acknowledgment that the message has been received and correctly 
decrypted since a secure reply cannot be created without knowledge of the 
correct pass word or phrase. In addition, it may be that the contents of the 
35 acknowledgment itself may be useful to a rival business or individual and so 
the encrypted reply provides the necessary security. 

A working implementation of this electronic billing and payment system 
exists in proprietary products of the assignee of the present invention. The 
purpose of providing a secure reply feature is to allow two computer users to 
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communicate securely (i.e. using encrypted data files) in circumstances where 
only one of them has the cryptographic software needed. Whatever software is 
needed to both decrypt the sent message as well as encrypt the reply is 
transmitted with the original message. 
5 For a different example, in an increasingly complex world it often 

become necessary for experts in diverse fields or specialties to work 
together in confidence. Many times these people must cooperate with little 
or no advanced notice and the information to be exchanged is of a sensitive 
or secret nature. All parties would like to execute an information exchange 
10 with a minimum of overhead expenditure. 

Imagine, for example, a law firm (XYZ Partners) represents a well known 
party in contentious litigation. All the materials pertaining to this case 
are considered highly sensitive. Nevertheless, XYZ needs to consult with 
lawyers at another, distantly located firm (HIJ) specializing in an one area 
15 of the case. Time is, of course, of the essence. 

Using the present invention, lawyers at XYZ can send documents to HIJ 
securely through the public e-mail network. The lawyers at HIJ can then edit 
any document sent or add their own input to the document and, using the 
present invention, reply to XYZ with the same level of security. 
20 All parties are. protected by the secure transmission and the collabora- 

tive effort requires a minimum of overhead and preparation. 

Accordingly, it is an object of the present invention to provide a 
method and apparatus to send an encrypted message which permits an encrypted 
acknowledgment that a secure document had been successfully received and 
25 decrypted without special hardware or software at the site of the recipient. 

It is an additional object to retrieve a secure document from a remote 
computer user by first sending an encrypted transmission with a dummy file. 

It is a yet another object to foster a secure cooperative work environ- 
ment by allowing two computer users to cooperatively develop a document: such 
30 as a proposal, business plan, computer software, mechanical schematic, or the 
like. The document would be sent from the first user to the second using an 
protected transmission and the second user could then make any needed 
modifications to the document and return it using the present invention. 

Yet another object of the invention is to enable the secure distribu- 
35 tion of software with user registration information being returned using the 
present invention. 

A further object of the invention is to permit the distribution of 
information about a product under development to a restricted group of 
computer users. Those users could respond with comments, suggestions, etc. 
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in accordance with the present invention. 

The novel features which are characteristic of the invention, both as 
to structure and method of operation thereof, together with further objects 
and advantages thereof, will be understood from the following description, 
5 considered in connection with the accompanying drawings, in which the 

preferred embodiment of the invention is illustrated by way of example. It 
is to be expressly understood, however, that the drawings are for the purpose 
of illustration and description only, and they are not intended as a defini- 
tion of the limits of the invention. 

10 

BRIEF DESCRIPTION OF THE DRAWING 



FIG. 1 is flow diagram showing the principles of operation of the present 
invention . 

15 FIG. 2, including FIGS. 2a- 2d, inclusive are flow charts of the steps taken 
in implementing the sending, receipt and return of secure information; 
FIG. 3, including FIGS. 3a - 3d, inclusive is a more detailed flow chart of 
the process of the present invention; and 

FIG. 4 including FIGS. 4a - 4b is a flow chart of an embodiment of the 
20 present invention for secure billing and payment transactions, 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 
The following Program Flow descriptions and diagrams describe the 
present invention as currently implemented by the assignee in a product 
25 offered by the applicant under the trademark Envelope98™ which is a secure 
transmission product. The same procedures apply in other situations with 
slight changes to the user interface. 

Starting with FIG. 1, there is shown a generalized overview illustrat- 
ing the present invention in use. Utilizing a specialized program, a message 
3 0 (envelope.exe) which includes an executable program and encrypted files is 

created which, when received and executed, decrypts the information contents 
upon the presentation of a preselected pass word or phrase. The entire 
message can be sent to a receiver using e-mail, a modem to modem file 
transfer over telephone lines, or may be recorded upon a disk which can be 
3 5 sent by courier or through the mails. 

At the receiving end, the receiving party executes the program (envel- 
ope.exe) that is an integral part of the message. The receiving computer 
then asks for the agreed upon pass word or phrase and, upon its provision, 
operates upon the encrypted files to decrypt them. The receiver is then 
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given the option to provide a secure encrypted reply. 

If the option is selected, after a reply is prepared, the received 
message is executed again and the reply option, when invoked, encrypts the 
reply message and the reply can be transmitted back to the originator using 
5 any of the same methods that could be employed in sending the initial mes- 
sage. Once the originator receives the message, his equipment permits a 
decryption of the returned file. 

As shown in FIG. 1, the initial step is the creation of the envel- 
ope.exe file 12, which is explained in greater detail in connection with FIG. 

10 2, below. In FIG. 1, the global computer network is used to transmit the 
file 12 in the transmitting step 14. At the recipient's end, the file is 
received 16 and the transmitted program is executed 18. If the recipient 
desires to proved an encrypted reply, the received program enables the 
preparation of the reply 20 and this reply is returned 22 through the global 

15 computer network. The reply is received by the original sender 24 who 
possesses the program to decrypt the reply 26. 

In FIG. 2a, a preferred embodiment of the present invention is de- 
tailed, explaining the layout of the message which is to be transmitted. 
Initially, the user determines which files are to be transmitted, the 

20 encryption algorithm and pass word or phrase, whether to include the secure 
reply option, any other user-specified information and a name for the file. 
In the next step, the decrypt engine code is written and is attached to the 
other file elements. 

Each file that is to be transmitted is sequentially retrieved and, if 

25 the option is selected, compressed. Next, special data is computed and in a 
successive step is encrypted using an algorithm that is user determined. A 
file header is prepared and the file is set for transmission. 

Each of the remaining selected data files, is, in turn, processed 
through the same steps until all selected files have been compressed (if the 

30 option has been selected) provided with error detection codes, file size 
information and any other information which must be added and encrypted.. 
After all of the files are processed, the message is closed and is ready for 
transmission by any available means including the global computer network, 
modem to modem direct transmission, or storing on transportable media and 

35 forwarded by mail or courier. 

With reference now to FIG. 2b, the steps performed at the receiving end 
are outlined. When the transmitted program is executed (envelope.exe) , the 
envelope header is read and the information relative to the number of files 

* 

transmitted is noted. 
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The various user instructions are then acted upon including the 
designation of the files to be extracted, the destination on the recipient's 
computer, pass word or phrase, the files, if any, to be included in a reply 
and, if a reply is to be made, the destination of the reply. 
5 Next, each of the transmitted files is, in turn, decrypted, decom- 

pressed, is verified through an integrity check and written to the prese- 
lected destination in the recipient's system. If a secure reply is to be 
made, the next steps are to be found in FIG . 2c. 

After the message is received and if the receiving party is ready to 
10 send a reply, the user again executes the received program (i.e. runs the 

envelope.exe instruction) . The program is aware (through the use of a flag 
in the message header) that the original contents have already been decrypted 
and asks the user if a secure reply is to be created. 

If the user requests a reply, the program asks for the name of the file 
15 or files to encrypt and, after encrypting the files, "wraps" them in a reply 
header. Notice that no decryption program is returned with the reply as it 
is a precondition of creating the message that the software needed to decrypt 
the reply is present . 

If the secure reply option was provided and elected, the user deter- 
20 mines which files to send, a file name, a password or pass phrase and a 

header. The received program, when executed again compresses (if desired) 
each file that is to be returned, special information is collected and each 
file is encrypted by the program which was transmitted to the recipient, who 
has no other encryption or decryption software available to his system. When 
25 all the files to be returned have been processed, the file is closed and the 
reply message is returned. 

The steps to be followed when the reply is received at the original 
sender's location are indicated in FIG. 2d. The original sender's program 
can read the header of the reply and extract all of the necessary processing 
30 information. The original recipient's reply instructions are then processed 
which include the files to be extracted, the pass word or phrase and the 
destination of the transmitted files . 

In turn, each returned file is decrypted using the appropriate algo- 
rithm. The file is next decompressed, if necessary. The contents are 
35 checked for integrity and the file is stored in the selected destination. 
When all files have been stored, the program is deemed complete. 

Turning to FIG. 3a, the process at the receiving end is illustrated in 
a branching flow diagram. At the start, there is a choice of having a reply 
option on the command line. If no file name is present, a flag is set 
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indicating that a reply is to be created and a file name is generated. The 
program will then ask for the previously agreed upon pass word or phrase. 
Once provided, a crypt key is generated from the pass word or phrase and the 
message can be opened and read. After the header is read, the program checks 
to see if the reply option is indicated by a set flag but the message has not 
yet been decrypted. If so, a warning is given and the option to continue is 
offered. If the choice is not to continue, the program is exited. 

Referring to FIG 3b, if the process is to continue, the next branch 
point is if the flag is not set but the message has been decrypted. If 
affirmative, the user is requested to decide if a reply is desired. If no 
reply is desired, the flag is cleared. If a reply is desired, the flag is 
set . 

The next branch point examines the flag. If it is set, the key is 
verified, If not, the message is decrypted and the program is exited. The 
key is verified and if correct, the next check is made. If the key is not 
correct, the program exits. The next step is to check the reply file name. 
If one is not yet set, a name is acquired from the user. If there is a name 
set, a check is made to see if the file is accessible. 

The process continues with reference now to FIG. 3c. A name is created 
for the reply output file. The user is asked if the created name is accept- 
able. If not, an acceptable file name is acquired. If so, it must be 
determined whether the file can be created. If not, the program is exited. 
If it can, the file is encrypted, a header is written for the "envelope" and 
the datafile and a message is displayed that the process has been completed. 

Turning now to FIG. 3d, the process at the original message source is 
not reviewed with the receipt of the reply message. Because the original 
operating program is at this source, the reply can be immediately opened and 
read. The header identification is noted and the pass word or phrase is 
supplied. The crypt key is created from the pass word or phrase and the file 
name for the decrypted output file is supplied. If the key being used is 
incorrect, the program is exited. If correct, the datafile is decrypted and 
verified as being correct and uncorrupted. If it is not, an error message is 
displayed and the program is exited. If it is correct, then the program is 
exited without the error message. 

An alternative embodiment of the present invention is illustrated in 
the flow diagram of FIG. 4 which includes FIGS. 4a and 4b. In this embodi- 
ment, a simplified program is illustrated for secure billing and payment. 
The bill is presented to the software program which compresses the bill, 
encrypts it and creates a secure "envelope". A e-mail message is created 
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which includes the encrypted bill. The e-mail server then sends the bill 
through the global computer network, sometimes calles the Internet, 

Turning now to FIG. 4b, the message including the bill is received and 
the attachment is opened. A browser is launched which fetches, using the 
5 global computer network, a decryption program from a web site server spe- 
cially authorized to perform this service. Once obtained, the decryption 
program is run. 

The recipient is prompted for a Personal Identification Number ("PIN") 
or pass word or pass phrase. The PIN is checked for validity. If invalid, 

10 it is printed out and the program is shut down. If valid, the program then 
decrypts the message and sends a confirmation over the global network to the 
sender. The bill is then displayed in the browser window and a connection is 
arranged to a billing website. At this point, a payment authorization can be 
sent or the billing website can furnish other bill paying options. The 

15 biller website can be a neutral service provider or a financial institution 

which can be authorized to pay all or a portion of the bill or otherwise meet 
the payment responsibility. 

Thus there has been described a system in which secure messages can be 
transmitted and secure replies can be created by the recipient without the 

20 need for any special software programs installed at the recipient's computer. 

The secure message includes a program, which when executed, enables a viewing 
of the received message and the preparation of a secure reply. However, the 
recipient cannot use the program to create new, secure messages to third 
parties, or to permit those third parties to create secure replies. 

25 The system of the present invention lends itself to the secure exchange 

of data or for secure financial transactions in which bills can be presented 
and paid. In one embodiment, any means of communication may be employed 
including, but not limited to the delivery of portable media. In an alterna- 
tive embodiment, the transmitted program can be abbreviated so that a link is 

30 created through the global computer network that supplies the software 

necessary to decrypt the message and create the secure reply. Further a 
separate link can be created with a secure financial services site that can 
handle a financial transaction based on the submission of a secure billing. 
The scope of the invention should be limited only by the scope of the 

35 claims attached below. 



11 



WO 00/57613 PCT/US00/07588 



CLAIMS 



1 1. A method for the secure transmission of documents comprising the 

2 steps of: 

3 using a security program at a sending location for creating an en- 

4 crypted file including an executable program with the document; 

5 transmitting said encrypted file to a remote recipient; 

6 receiving said encrypted file at a location lacking said security 

7 program; 

8 executing, at the receiving location, the received said executable 

9 program; and 

10 decrypting said received file using said received program. 

1 2. The method of Claim 1, further including the steps of: 

2 including a pass phrase as a part of said executable program to prevent 

3 unauthorized decryption of the received said encrypted file. 

1 3. The method of Claim 2, further including said pass phrase in the 

2 encryption algorithm used in the creation of said encrypted file. 

1 4. The method of Claim 1, wherein said executable program includes, as 

2 a step when running, a verification step for confirming the integrity of the 

3 received file. 

1 5. The method of Claim 1, wherein the step of creating includes a file 

2 compression step prior to the encryption of said file. 

1 6. The method of Claim 1, further including a secure reply option 

2 comprising the steps of: 

3 providing, in said executable program, a option for a secure reply; 

4 electing, at said receiving end, the secure reply option;, 

5 using said received executable program to create a secure reply file 

6 similar to that created by the security program at the transmitting end; 

7 transmitting said secure reply file from said remote location to said 

8 sending location; and 

9 using said security program at said sending location to decrypt said 

10 secure reply file, 

11 whereby a receiving location lacking a security program can receive secure 

12 messages and send secure replies. 

1 7. The method of Claim 6, further including the steps of including a 

2 pass phrase in the creation of said secure file and wherein said received 
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3 executable program requires said pass phrase for execution of said transmit- 

4 ted program. 

1 8. The method of Claim 6, further including the step of verifying the 

2 integrity of said secure reply file at said transmitting location. 

1 9. Apparatus for the secure transmission of documents comprising: 

2 creating means including a security program at a sending location for 

3 creating an encrypted file incorporating an executable program with the 

» 

4 document; 

5 means for transmitting said encrypted file to a remote recipient; 

6 means for receiving said encrypted file at a location lacking said 

7 security program; 

8 means for executing, at the receiving location, the received said 

9 executable program; and 

10 means responsive to the running of said executable program for decrypt - 

11 ing said received file. 

1 10. The apparatus of Claim 9, further including: 

2 means for including a pass phrase as a part of said executable program 

3 to prevent unauthorized decryption of the received said encrypted file. 

1 11. The apparatus of Claim 10, wherein said creating means include 

2 said pass phrase in the encryption algorithm used in the creation of said 

3 encrypted file. 

1 12. The apparatus of Claim 9, wherein said means for executing 

2 include, verification means for confirming the integrity of the received 

3 file. 

1 13. The apparatus of Claim 9, wherein said creating means include 

2 compression means for compressing a file prior to the encryption of said 

3 file. 

1 14. The apparatus of Claim 9, further including means for creating a 

2 secure reply comprising: 

3 selecting means in said executable program for choosing a secure reply; 

4 means at said receiving end for creating a secure reply including means 

5 responsive to said received executable program for creating a secure reply 

6 file similar to that created by the security program at the transmitting end; 

7 means at said remote location for transmitting said secure reply file 

8 from said remote location to said sending location; and 

9 means for executing said security program at said sending location to 
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10 decrypt said secure reply file, 

11 whereby a receiving location lacking a security program can receive secure 

12 messages and send secure replies. 

1 15. The apparatus of Claim 14, further including means for including a 

2 pass phrase in the creation of said secure file and wherein said received 

3 executable program is responsive to said pass phrase for execution of said 

4 transmitted program. 

1 16. The apparatus of Claim 14, wherein said means for executing 

2 include means for verifying the integrity of said secure reply file at said 

3 transmitting location. 

1 17. A method for the secure transmission of documents comprising the 

2 steps of: 

3 using a security program at a sending location for creating an en- 

4 crypted file including an executable program with the document; 

5 transmitting said encrypted file to a remote recipient ; 

6 receiving said encrypted file at a location lacking said security 

7 program; 

8 executing, at the receiving location, the received said executable 

9 program; 

10 connecting to a predetermined site on a global computer network; 

11 retrieving from said predetermined site a suitable executable program 

12 for decrypting said received encrypted file and 

13 decrypting said received file using said retrieved program. 

1 18. The method of Claim 17, further including the steps of: 

2 including a pass phrase as a part of said executable program to enable 

3 said predetermined site to download said suitable executable program thereby 

4 preventing unauthorized decryption of the received said encrypted file. 

1 19. The method of Claim 18, further including said pass phrase in the 

2 encryption algorithm used in the creation of said encrypted file. 

1 20. The method of Claim 17, wherein said suitable executable program 

2 includes, as a step when running, a verification step for confirming the 

3 integrity of the received file. 

1 21. The method of Claim 17, wherein the step of creating includes a 

2 file compression step prior to the encryption of said file. 

1 22. The method of Claim 17, further including a secure reply option 
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2 comprising the steps of: 

3 providing, in said suitable executable program, a option for a secure 

4 reply; 

5 electing, at said receiving end, the secure reply option; 

6 using said received suitable executable program to create a secure 

7 reply file similar to that originally created by the security program at the 

8 transmitting end; 

9 transmitting said secure reply file from said remote location to said 

10 sending location; and 

11 using said security program at said sending location to decrypt said 

12 secure reply file, 

13 whereby a receiving location lacking a security program can receive secure 

14 messages and send secure replies. 

1 23. The method of Claim 22, further including the steps of including a 

2 pass phrase in the creation of said secure file and wherein said received 

3 executable program requires said pass phrase for acquisition of said suitable 

4 executable program. 

1 24. The method of Claim 22, further including the step of verifying 

2 the integrity of said secure reply file at said transmitting location. 

1 25. Apparatus for the secure transmission of documents comprising: 

2 creating means including a security program at a sending location for 

3 creating an encrypted file incorporating an executable program with the 

4 document; 

5 means for transmitting said encrypted file to a remote recipient; 

6 means for receiving said encrypted file at a location lacking said 

7 security program; 

8 means for executing, at the receiving location, the received said 

9 executable program; 

10 means responsive to the running of said executable program for contact- 

11 ing a predetermined site on the global computer network for retrieving a 

12 suitable executable program for decrypting said received file. 

1 26. The apparatus of Claim 25, further including: 

2 means for including a pass phrase as a part of said executable program 

3 to enable communication with said predetermined site to authorize downloading 

4 of said suitable executable program and to prevent unauthorized decryption of 

5 the received said encrypted file. 

1 27. The apparatus of Claim 26, wherein said creating means include 

2 said pass phrase in the encryption algorithm used in the creation of said 
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3 encrypted file. 

1 28. The apparatus of Claim 25, further including means for running 

2 said suitable executable program wherein said means for running include 

3 verification means for confirming the integrity of the received file. 

1 29. The apparatus of Claim 25, wherein said creating means include 

2 compression means for compressing a file prior to the encryption of said 

3 file. 

1 30. The apparatus of Claim 25, further including means for creating a 

2 secure reply comprising: 

3 selecting means in said suitable executable program for choosing a 

4 secure reply; 

5 means at said receiving end for creating a secure reply including means 

6 responsive to said received suitable executable program for creating a secure 

7 reply file similar to that created by the security program at the transmit- 

8 ting end; 

9 means at said remote location for transmitting said secure reply file 

10 from said remote location to said sending location; and 

11 means for executing said security program at said sending location to 

12 decrypt said secure reply file, 

13 whereby a receiving location lacking a security program can receive secure 

14 messages and send secure replies. 

1 31. The apparatus of Claim 30, further including means for including a 

2 pass phrase in the creation of said secure file and wherein said received 

3 executable program is responsive to said pass phrase for downloading said 

4 suitable executable program. 

1 32. The apparatus of Claim 30, including means for executing said 

2 suitable executable program, said suitable executable program including means 

3 for verifying the integrity of said secure reply file at said transmitting 

4 location. 

1 33. The method of Claim 17, further including a reply option compris- 

2 ing the steps of: 

3 providing, in said suitable executable program, a option for a reply; 

4 electing, at said receiving end, the reply option; 

5 using said received suitable executable program to contact a second, 

6 predetermined global computer network site; and 

7 instructing said second global computer network site to take a selected 
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action; 

whereby a receiving location lacking a security program can receive secure 
messages and send instructions to a selected global computer network site, 

34. The method of Claim 33, further including the steps of including a 
pass phrase in the creation of said secure file and wherein said received 
executable program requires said pass phrase for acquisition of said suitable 
executable program. 

35. The method of Claim 33 further including the step of sending a 
receipt confirmation to said sending location. 

36. The method of Claim 33, further including the step of directing 
said selected second global computer network site to send a confirmation 
message to said sending location. 

37. The apparatus of Claim 25, further including means for creating a 
reply comprising: 

communicating means in said suitable executable program for contacting 
a second predetermined global communication network site; and 

means at said remote location for transmitting a predetermined instruc- 
tion to said second global computer network site. 

38. The apparatus of Claim 37, further including means for transmit- 
ting a receipt confirmation to said sending location. 

39. The apparatus of Claim 37, further including means for directing 
said second global computer network site to send a receipt confirmation to 
said sending location. 
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GATHER INSTRUCTIONS FROM USER: 
WHICH FILES TO INCLUDE, SHOULD COMPRESSION BE USED, WHICH 
ENCRYPTION ALGORITHM AND PASSPHRASE TO USE, OUTPUT FILENAME, 
SECUREREPLY ON FLAG, ANY OTHER USER-SPECIFIED INFORMATION. 




WRITE DECRYPT ENGINE AND ENVELOPE HEADER TO OUTPUT FILE: 
COPY DECRYPT ENGINE CODE TO START OF ENVELOPE OUTPUT. SEE 
ENVELOPE HEADER DECLARATION FOR A COMPLETE DESCRIPTION OF 
FIELDS, FIELD SIZES AND CONTENTS. 






LOOP THROUGH EACH INCLUDED INPUT FILE J 








COMPRESS THE INPUT FILE 
IF SELECTED BY USER. ^^^^ 








COMPUTE VALUES FOR FILE HEADER: 
FOOTPRINT, ERROR DETECTION, ETC. SEE ENVELOPE FILE HEADER 
DECLARATION FOR A COMPLETE DESCRIPTION OF FIELDS, FIELD 
SIZES AND CONTENTS. 








ENCRYPT FILE 

USING ALGORITHM SELECTED BY USER. 








WRITE FILE HEADER AND FILE TO OUTPUT | 








IF MORE INPUT FILES EXIST, LOOP FOR NEXT FILE, ELSE EXIT LOOP 










^ CLOSE OUTPUT FILE ] 



WO 00/57613 



PCT/USOO/07588 



3/11 




.2b 



READ ENVELOPE HEADER 
EXTRACT FILE COUNTS AND OTHER NEEDED INFORMATION. 



I 



GATHER INSTRUCTIONS FROM USER: 
WHICH FILES TO EXTRACT, DESTINATION ON TARGET COMPUTER'S 
STORAGE AREA. PASSPHRASE. ETC. WHICH FILE(S) TO INCLUDE 
IN SECUREREPLY, SECUREREPLY OUTPUT DESTINATION, ETC. 



I 



LOOP THROUGH EACH FILE ENCLOSED IN ENVELOPE 



DECRYPT FILE 

USING THE ALGORITHM SELECTED DURING ENCRYPTION/ASSEMBLY. 



I 



DECOMPRESS THE ENCLOSED FILE 
IF IT WAS COMPRESSED (AS INDICATED IN FILE HEADER). 



I 



VERIFY THE INTEGRITY OF THE ENCLOSED FILE 
CHECK FOR TAMPERING, CORRECT DECRYPTION, ETC. 



I 



WRITE DECRYPTED FILE TO OUTPUT DESTINATION 



I 



IF MORE INPUT FILES EXIST, LOOP FOR NEXT FILE, 

ELSE EXIT LOOP 



I 



EXIT 



IF ENVELOPE ENABLED FOR SECUREREPLY AND USER SELECTED 
SECUREREPLY, CREATE SECUREREPLY, ELSE EXIT 



I 



SEE FIG. 2c 
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GATHER INSTRUCTIONS FROM USER: 
WHICH FILES TO INCLUDE, OUTPUT FILENAME, PASSPHRASE, 
ANY OTHER USER- SPECIFIED INFORMATION. 


1 




WRITE SECUREREPLY HEADER TO OUTPUT FILE: 
SEE ENVELOPE HEADER DECLARATION FOR A COMPLETE 
DESCRIPTION OF FIELDS, FIELD SIZES AND CONTENTS. 


1 




LOOP THROUGH EACH INCLUDED INPUT FILE 


1 




COMPRESS THE INPUT FILE 
D? SELECTED BY USER. 


1 




COMPUTE VALUES FOR FILE HEADER: 
FOOTPRINT, ERROR DETECTION, ETC. SEE ENVELOPE FILE 
HEADER DECLARATION FOR A COMPLETE DESCRIPTION OF 
FIELDS, FIELD SIZES AND CONTENTS. 


1 




ENCRYPT FILE 

USING THE SAME ALGORITHM AS SELECTED BY THE USER 
DURING ENVELOPE CREATION. 


1 




WRITE FILE HEADER AND FILE TO OUTPUT 


1 




IF MORE INPUT FILES EXIST, LOOP FOR NEXT FILE, 

ELSE EXIT LOOP 


1 




CLOSE OUTPUT FILE 
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READ SECUREREPLY HEADER 
EXTRACT FILE COUNTS AND OTHER NEEDED INFORMATION. 






GATHER INSTRUCTIONS FROM USER: 
WHICH FILES TO EXTRACT, DESTINATION ON TARGET COMPUTER'S 
STORAGE AREA, PASSPHRASE, ETC. 






LOOP THROUGH EACH FILE ENCLOSED IN SECUREREPLY | 


1 




DECRYPT FEE 

USING THE ALGORITHM SELECTED DURING ENCRYPTION/ASSEMBLY. 






DECOMPRESS THE ENCLOSED FILE 
IF IT WAS COMPRESSED (AS INDICATED IN FILE HEADER). 


1 




VERIFY THE INTEGRITY OF THE ENCLOSED FILE 
CHECK FOR TAMPERING, CORRECT DECRYPTION, ETC. 




1 




WRITE DECRYPTED FILE TO OUTPUT DESTINATION 




1 




IF MORE INPUT FILES EXIST, LOOP FOR NEXT FILE, 

ELSE EXIT LOOP 


1 




CLOSE SECUREREPLY (I.E. INPUT) FILE 
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START 
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SECUREREPLY 
FILENAME ON 
COMMAND 
LINE? 

YES 



NO 



SET DoSR FLAG, SET 
SR INPUT FILENAME 



GET PASSPHRASE 
FROM USER 



I 



GENERATE CRYPT KEY 
FROM PASSPHRASE 



I 



OPEN ENVELOPE 
PROGRAM FILE (READ) 




.2, 



READ ENVELOPE 
HEADER 




WARN USER 
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CREATE SECUREREPLY 
OUTPUT FILENAME 




WRITE ENVELOPE 
HEADER 

1 

WRITE DATAFILE 
HEADER 

1 

DISPLAY SUCCESS 
MESSAGE 




WO 00/57613 



PCT/US00/07588 



9/11 



OPEN SECUREREPLY 
FOR READING 



I 



READ SECUREREPLY 
HEADER VERSION ID 



I 



READ SECUREREPLY 
HEADER 



I 



GET PASSPHRASE 



I 



CREATE CRYPT KEY 
FROM PASSPHRASE 



I 



GET FILENAME FOR 
DECRYPTED OUTPUT 



DECRYPT DATAFILE 




NO 




.3d 




DISPLAY ERROR 
MESSAGE 
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